3.00



Possibilities of securing Proxy+

Proxy+ offers two ways to prevent unwelcome users from using its services.

  • Security (Proxy Settings/Security)
    Primarily designed to protect against unwanted use. Every new request accepted by Proxy+ is evaluated against these settings.
  • Access List (Proxy Settings/Access List)
    Primarily designed to limit the access of local users. It cannot be applied to all services (the mail server ignores Access List settings for SMTP and POP3 connections). It can be used only as an extension to the Security settings.
The Proxy+ admin interface can also be protected by a username and password. A user who can connect to the admin interface can then make changes only if he knows the username and password.


Security

The Proxy Settings/Security settings are based on several lists of interfaces and client IP addresses. Every request coming to Proxy+ carries two IP addresses: the source IP address (the client computer) and the destination IP address (the IP address of an interface on the Proxy+ computer). These two addresses are compared with the following three lists:
  • Insecure interfaces
    The request is denied if it goes through a listed interface.

  • Secure interfaces
    The request is denied if it doesn't go through any listed interface.

  • Secure clients
    The request is denied if the source IP address is not listed here.


The following applies:

  • If a list is empty, the request passes that list's evaluation. In other words, the security evaluation works with non-empty lists only.
  • If the source interface of the request is an interface of the computer running Proxy+ (the request originates on the same computer), access is allowed. In other words, it is not possible to deny Proxy+ services to a user working on the Proxy+ computer through the security configuration.
  • If the Insecure interfaces settings collide with the other lists (e.g. the same interface appears on both the secure and insecure interfaces lists), the Secure interfaces and Secure clients lists have higher priority. This means the connection will be allowed.
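
The evaluation rules above, written out as an added Python model (not Proxy+ code and not part of the original documentation). It assumes that every non-empty secure list must match and that any secure-list match outranks the Insecure interfaces list; the function names, the CIDR notation for ranges and all addresses are constructed for illustration.

```python
import ipaddress

def listed(addr, entries):
    """True if addr equals a listed address or falls in a listed CIDR range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in entries)

def evaluate(src, dst, local, insecure=(), secure_ifaces=(), secure_clients=()):
    """Model of the Security check: src is the client address, dst the
    address of the Proxy+ interface the request arrived on."""
    # Requests originating on the Proxy+ computer cannot be denied.
    if listed(src, local):
        return True, "local origin"
    secure_match = False
    # An empty list is skipped; a non-empty secure list must match.
    if secure_ifaces:
        if not listed(dst, secure_ifaces):
            return False, "not a secure interface"
        secure_match = True
    if secure_clients:
        if not listed(src, secure_clients):
            return False, "not a secure client"
        secure_match = True
    # Assumption: a secure-list match outranks the insecure list.
    if listed(dst, insecure) and not secure_match:
        return False, "insecure interface"
    return True, "secure list match" if secure_match else "no list objected"

# Constructed sample host: LAN interface 192.168.1.1, Internet interface
# 203.0.113.10 (documentation address range).
LOCAL = ["127.0.0.1", "192.168.1.1", "203.0.113.10"]
WAN, LAN = "203.0.113.10", "192.168.1.1"

def audit(config):
    """Evaluate one outside and one LAN request against a configuration."""
    outside = evaluate("198.51.100.7", WAN, LOCAL, **config)
    inside = evaluate("192.168.1.20", LAN, LOCAL, **config)
    return outside, inside

if __name__ == "__main__":
    configs = {
        "all lists empty": {},
        "default (insecure only)": {"insecure": [WAN]},
        "collision on WAN": {"insecure": [WAN], "secure_ifaces": [WAN, LAN]},
        "secure clients set": {"insecure": [WAN], "secure_clients": ["192.168.1.0/24"]},
    }
    for name, cfg in configs.items():
        print(name, audit(cfg))
```

The "collision on WAN" case is the one to check for when reviewing a configuration: listing the Internet-facing interface as secure cancels the protection the insecure list would otherwise give.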


Insecure interfaces
A list of potentially dangerous interfaces (modem, network card). An insecure interface is one through which an insecure request can arrive. Typically it is an interface connected to the Internet. The request will be denied if it comes via an interface listed here (if the same interface is not listed in the list of Secure interfaces or the source address is not listed in the list of Secure clients).

The advantage of the insecure interfaces list is that in most cases it can be composed automatically and used as default protection against attacks from the Internet.

By default, Proxy+ is preset to use the list of Insecure interfaces, and this list is composed automatically. Autodetection composes the list of insecure interfaces as follows:

  • If Proxy+ uses a modem and phone line to access the Internet, the modem is marked as an insecure interface (more precisely, the interface created once the modem connects).
  • If Proxy+ is configured to work on a synchronous leased line, the list of interfaces is obtained from the routing table of the TCP/IP subsystem.


Autodetection on leased line installations works only on these systems: Windows 98, Windows NT 4.0 with SP4 (or newer) and Windows 2000. Windows 95 lacks this functionality, so the list of insecure interfaces must be created manually.

On dial-up lines, when Proxy+ initiates the connection, autodetection of insecure interfaces works properly on all Windows versions. The settings and state of the Insecure interfaces list are written to the ProxyLog.TXT file during Proxy+ start/restart. If an error occurs, or the list cannot be composed (e.g. you use Windows 95 and a leased line connection), an error message is also written to ErrLog.TXT.

If you compose the list of insecure interfaces manually, always specify the IP address of the interface connected to the Internet. You can also specify the IP address of any other interface (e.g. a segment of your network that is denied access to the Internet).

Secure interfaces
A list of secure interfaces. If the use of Secure interfaces is enabled, the request is accepted if it came via one of the listed interfaces. The interface of your LAN (via which all local users are connected) can be specified this way.

Secure clients
A list of secure clients. If the use of Secure clients is enabled, the request is accepted if it was sent by a computer whose IP address is listed here (or falls within any listed range).

Access List Rules

The Proxy Settings/Access List settings allow more flexible access control to Proxy+ services, but they are not intended to provide real protection. Always use Proxy Settings/Security to define allowed/denied accesses, and use Access Lists only for limiting clients.

A detailed description of the Access List is in chapter 4.6 Access List of the user's guide.







Copyright by FORTECH 1997-2002 Site by FORM08 & FORTECH  